Re: [Exim] HAVE_IPV6

Top Pagina
Delete this message
Reply to this message
Auteur: Colm MacCarthaigh
Datum:  
Aan: exim-users
Onderwerp: Re: [Exim] HAVE_IPV6
On Tue, Jun 24, 2003 at 09:40:15AM +0100, Philip Hazel wrote:
> An address of the form ::ffff:10.10.10.10 is an IPv4 address that has
> been received on an IPv6 interface, in some IPv6 stacks.


It's much more than that, it's an IPv4-mapped IPv6 address, and
it's intended use is for mapping v4 to v6 addresses in a more
general sense, not just for recieved connections :)

::ffff:10.10.10.10 is a perfectly valid IPv6 address, the convention being
that the ::ffff:0:0/96 prefix has been designated for mapping current
public IPv4 addresses.

There's nothing to prevent a routing admin from routing V4 addresses
as ::ffff/96 addresses, and that's one possible (though unlikely)
future for IPv4.

> I *think* the latest IPv6 thinking deprecates this approach,


I think there's an element of confusion here. IPv4-mapped IPv6
addresses have not been deprecated, RFC3484 defines their correct
selection, and RFC3513 defines their format :)

What has changed is that there is a move to standardise the
API for IPv6 programming, with recent RFC's such as rfc3542.txt
(in fact see section 13 for some semantics on mapped addresses)
trying to clear things up.

> and instead applications are supposed to listen for IPv4 and
> IPv6 connections independently.


Here's where things get sticky, whilst it's fine for the approach
exim typically takes .. ie bind to actual addresses. There's
inconsistency in the semantics about binding to passive interface
address such as 0.0.0.0 and ::

Platforms really should allow you to listen on IPv6 and IPv4
sockets for the same port, ie [::]:25 and 0.0.0.0:25, but unfortunately
this is going to be a while coming. Linux, for example will not
let you do this, allthough you can apply the USAGI patches to get
an approximation. Linux isnt alone in this brokeness though.

Platforms such as the BSD's, and an KAME stack will let you do it,
so it's really a question of which method wins out ! In the meantime
us spectators can use getaddrinfo and just not care ;)

But it's important to note, that even if you listen on two seperate
sockets, and set the IPV6_ONLY socket option and so on, there's
still nothing to stop IPv4-mapped addresses coming in via the
the IPv6 socket. They are valid IPv6 addresses, and it's possible
something further up the chain could be performing the translation.

--
Colm MacCárthaigh  /  HEAnet, Teach Brooklawn,  / Innealtóir Ghréasáin
+353 1 6609040    / Bóthar Shelbourne, BÁC, IE /   http://www.hea.net/